SQL Injection vulnerability in SAP Business One B1i Layer
CVE-2023-33993
7.1 HIGH
Summary
The B1i module of SAP Business One version 10.0 is susceptible to SQL injection, allowing an authenticated user with in-depth knowledge of the application to execute crafted SQL queries over the network. The vulnerability can be exploited to read or modify sensitive SQL data, putting the confidentiality, integrity, and availability of the application at risk. Organizations using this module should prioritize updating immediately and strengthen their security measures to mitigate the threat.
Affected Version(s)
SAP Business One (B1i Layer) 10.0
CVSS V3.1
Score: 7.1
Severity: HIGH
Confidentiality: Low
Integrity: High
Availability: Low
Attack Vector: Network
Attack Complexity: High
Privileges Required: Low
User Interaction: None
Scope: Unchanged
Timeline
Vulnerability published
Vulnerability Reserved